v0.351.0

What's Changed

• Alias Package classes to Python and simplify LatestVersionFinder by @markhallen in #13651
• uv: Alias NativeHelpers, Language, and LanguageVersionManager to Python by @markhallen in #13653
• Add npm_and_yarn DependencyGrapher with ephemeral lockfile generation by @jurre in #13657
• Use NODE_EXTRA_CA_CERTS for all Node package managers by @jeffwidman in #13675
• Add libcairo2-dev and libgirepository-2.0-dev for PyGObject support by @Copilot in #13630
• fix(uv): pass target version to uv lock command to respect ignore conditions by @markhallen in #13690
• use unique annotations to track equivalent nodes by @brettfo in #13679
• Replace dependabot-script repo with example-cli-usage repo by @jeffwidman in #12417
• chore(conda): remove beta ecosystem check by @markhallen in #13692
• Fix npm optional dependency error by @AbhishekBhaskar in #13622
• Add Cairo build dependencies to UV by @AbhishekBhaskar in #13688
• Parse private registry details to corepack install command by @thavaahariharangit in #13703
• Combine corepack commands into a single RUN command in npm_and_yarn Dockerfile by @Copilot in #13683
• Combine repeated RUN install commands in composer/Dockerfile using HEREDOC syntax by @Copilot in #13682
• Use openjdk-21-jdk-headless to reduce the image size by @yeikel in #13670
• Remove usages of unsupported MAVEN_CONFIG environment variable by @yeikel in #13672
• fix(npm): parse caret constraint with major-only version by @caugner in #13689
• v0.351.0 by @dependabot-core-action-automation[bot] in #13704

New Contributors

• @caugner made their first contribution in #13689

Full Changelog: v0.350.0...v0.351.0

v0.350.0

What's Changed

• Fix pip ~= operator losing precision with BumpVersionsIfNecessary strategy by @Copilot in #13542
• Implement BCR .bcr.X version handling in Bazel by @robaiken in #13592
• Add support for .bzl files, local overrides, and downloader configs in Bazel file fetcher by @markhallen in #13586
• Fix No Cargo.toml! error by normalizing DependencyFile names by @thavaahariharangit in #13359
• feat(common): add cooldown fallback to current version by @thavaahariharangit in #13582
• Upgrade uv to v0.9.11 by @charliermarsh in #13605
• julia: fix handling ignored versions by @IanButterworth in #13620
• Rust toolchain cache bust headers by @a-schur in #13604
• Pre-cache common npm versions in Corepack and activate on-demand by @thavaahariharangit in #13607
• Conda native implementation by @theztefan in #13590
• Improve support for combination of version constraints by @robaiken in #13633
• added https to registry URL if stripped out in the process by @alhss in #13636
• allow for dependency discovery with a single restore operation by @brettfo in #13532
• Fix Helm values.yaml parsing to properly handle Docker images with separate registry and repository fields by @frans-otogone in #13067
• Refactor uv ecosystem to reuse Python Version and Requirement classes by @markhallen in #13641
• julia: fix putting new compat entries in alphabetical order by @IanButterworth in #13626
• Streamline 34 COPY commands into one by @jeffwidman in #13637
• Handle multiple COPY into $DEPENDABOT_HOME/ as one command by @jeffwidman in #13638
• Fix changelog finder matching files with changelog names in the middle by @IanButterworth in #13645
• Refactor uv to reuse Python's MetadataFinder, AuthedUrlBuilder, and NameNormaliser by @markhallen in #13643
• Alias RequirementParser to Python and remove dead code from uv by @markhallen in #13650
• v0.350.0 by @dependabot-core-action-automation[bot] in #13646

New Contributors

• @frans-otogone made their first contribution in #13067

Full Changelog: v0.349.0...v0.350.0

v0.349.0

What's Changed

• use PURLs in DG submissions by @jakecoffman in #13527
• Bazel update checker to filter ignored versions by @robaiken in #13549
• Cache library detection to prevent redundant PyPI API calls by @Copilot in #13529
• Fix npm_and_yarn file_updater specs for js-yaml 3.14.2 by @thavaahariharangit in #13568
• Remove bun references from the npm_and_yarn ecosystem by @yeikel in #13514
• Replace temporary sigstore git workaround with released gem by @markhallen in #13570
• When a dependency graph job fatally errors, emit a blank snapshot for the directory by @brrygrdn in #13571
• v0.349.0 by @dependabot-core-action-automation[bot] in #13599

Full Changelog: v0.348.1...v0.349.0

v0.348.1

What's Changed

• Add opentofu gemspec to helpers by @robaiken in #13546
• v0.348.1 by @dependabot-core-action-automation[bot] in #13548

Full Changelog: v0.348.0...v0.348.1

v0.348.0

What's Changed

• Fix: Skip unfetchable sdist/wheel path dependencies in Python by @Copilot in #13522
• feat(bazel): Add ecosystem method to FileParser by @markhallen in #13533
• Add OpenTofu ecosystem by @diofeher in #13091
• v0.348.0 by @dependabot-core-action-automation[bot] in #13545

Full Changelog: v0.347.0...v0.348.0

v0.347.0

What's Changed

• consider directory when checking for existing PR by @jakecoffman in #13058
• Remove unused grouped_security_updates_disabled feature flag by @Copilot in #13492
• Reduce API quota usage in smoke tests by centralizing CLI download by @Copilot in #13491
• Add MODULE.bazel.lock lockfile update support by @markhallen in #13467
• Fix nil dependency crash in ErrorHandler when refreshing PRs by @Copilot in #13480
• Add support for *.MODULE.bazel files in Bazel file fetcher by @Copilot in #13475
• Fix logging format when previous_version is nil for pip dependencies by @Copilot in #13487
• bazel: simplify, harden, and fix version handling by @markhallen in #13508
• Add metadata finder to bazel by @robaiken in #13507
• remove pruned dependencies from graph payload by @jakecoffman in #13509
• Fix Poetry lock file updates for PEP 621 projects by @Copilot in #13499
• Validate dependency-type option is only used with supported package managers by @Copilot in #13413
• Ensure package_hashes_for uses absolute index_url by @thavaahariharangit in #13518
• Fix: Gradle Wrapper native updated run for every dependency by @gmazzo in #13501
• add net10 as a supported framework and update others by @brettfo in #13512
• Fix: Preserve tilde (~=) compatible version format in setup.py/setup.cfg by @Copilot in #13513
• Upgrade uv to v0.9.8 by @charliermarsh in #13502
• report update process exit code by @brettfo in #13483
• Set persist-credentials: false for actions/checkout by @JamieMagee in #13530
• Bump the all-actions group across 1 directory with 14 updates by @dependabot[bot] in #13493
• Add zizmor workflow by @JamieMagee in #13531
• feat(bazel): Fetch referenced lock files and BUILD files for MODULE.bazel by @markhallen in #13528
• Enable credential persistence in gems-bump-version workflow by @a-schur in #13535
• v0.347.0 by @dependabot-core-action-automation[bot] in #13538

New Contributors

• @charliermarsh made their first contribution in #13502

Full Changelog: v0.346.0...v0.347.0

v0.346.0

What's Changed

• Remove repo_contents_path nil checks in go_modules by @Copilot in #13415
• Ruby 3.4.7 by @JamieMagee in #13421
• Julia: Various fixes by @IanButterworth in #13398
• fix go mod graph failing on local replaces by @jakecoffman in #13380
• Fix update_graph_processor_spec to use isolated temp directories by @Copilot in #13438
• Julia: Fix project & manifest discovery. Remove invalid "*" wildcard handling. Default to spaced compat lists. by @IanButterworth in #13437
• Close the PR when rebase workflow action throws dependency_file_not_found error by @thavaahariharangit in #13441
• ensure dependencies are up to date before attempting a file edit by @brettfo in #13440
• [Graph] Use a non-zero value for version by @brrygrdn in #13444
• [Graph] Do not block the job when a single directory submission fails by @brrygrdn in #13445
• Fix PEP 621 dependency parsing and resolver selection for hybrid Poetry projects by @Copilot in #13417
• Reorganize require statements and update Gemfile by @robaiken in #13458
• Fix SSL certificate verification error handling in Python and UV hashers by @Copilot in #13382
• Enhance copilot instructions on Sorbet's autocorrect feature and code commenting best practices by @markhallen in #13443
• julia: Add support for workspaces by @IanButterworth in #13446
• [Graphs] Prefer to use a DEPENDABOT_UPDATER_SHA as the detector version, if set by @brrygrdn in #13447
• fallback when subdependency fetching fails by @jakecoffman in #13463
• Added Gradle Wrapper support by @gmazzo in #12891
• Adding support to callable workflow in github_action by @thavaahariharangit in #13449
• Bump npm version from 10.9.3 to 11.6.2 latest by @thavaahariharangit in #13476
• Enable the inclusion of maven_install.json files in the temporary folder during Bazel sync operations. by @markhallen in #13478
• Fix cooldown bypass when PyPI JSON contains malformed version strings by @Copilot in #13412
• fix graph job not erroring when fetching subs fails by @jakecoffman in #13473
• Remove unrelated dependencies from the bun ecosystem by @yeikel in #13404
• Close the PR when rebase workflow action throws dependency_file_not_found error by @thavaahariharangit in #13488
• Bump npm version from 10.9.3 to 11.6.2 latest by @thavaahariharangit in #13482
• v0.346.0 by @dependabot-core-action-automation[bot] in #13484

Full Changelog: v0.345.0...v0.346.0

v0.345.0

What's Changed

• Allow repo variables to target forks on smoke tests by @gmazzo in #13423
• Add Bazel support to the updater by @robaiken in #13414
• Add nil safety to uv file parser to handle uv path dependencies by @AndrewBryer in #13367
• v0.345.0 by @dependabot-core-action-automation[bot] in #13432

New Contributors

• @gmazzo made their first contribution in #13423
• @AndrewBryer made their first contribution in #13367

Full Changelog: v0.344.1...v0.345.0

v0.344.1

What's Changed

• Add dependabot-bazel gem to Gemfile and update Gemfile.lock by @robaiken in #13397
• v0.344.1 by @dependabot-core-action-automation[bot] in #13399

Full Changelog: v0.344.0...v0.344.1

v0.344.0

What's Changed

• Bazel Ecosystem by @robaiken in #13265
• v0.344.0 by @dependabot-core-action-automation[bot] in #13392

Full Changelog: v0.343.1...v0.344.0